Re: I've got a problem with tcpdump, HELP

[Benimaur Gao <benimaur@gmail.com>]

Yes, I stop the capture by Ctrl C, but actually, there is no more output..

>........;Ts..p......J.....
>j.B$A...GET /misc/ccs/deleteClubThread
  
~~~~~~~~~~~~~~~~~~~~~~
With this request packet, It's also supposed to have more info, such as Content-Type, Date, Set-Cookie, etc. just as the first case. Why were they discarded here? 

I suspect that it is caused by different version of tcpdump? The 					dilemma is I've no permission to upgrade the software :(

>20:14:55.127121 IP 10.20.141.138.synchronet-db > 10.20.141.64.35246: P
 1:363(362) >ack 213 win 54 <nop,nop,timestamp 1105987621 
1778729508>

On Thu, Mar 31, 2011 at 11:54 PM, Camaleón <noelamac@gmail.com> wrote:

On Thu, 31 Mar 2011 20:49:03 +0800, Benimaur Gao wrote:

>     I've encountered a problem in using tcpdump. I tried to capture http
>     traffic by using the following command:
>
>     # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
>     (((ip[2:2] -
> ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
>    (notes: the web application serves at 9003 port, not the conventional
>    80
> instead)
>
>    but different results was given by two hosts:

(...)

> Date: Thu, 31 Mar 2011 12:16:04 GMT
> Expires: Thu, 01-Jan-1970 00:00:00 GMT Content-Language: cn,zh-cn
> Content-Type: text/html; charset=GBK

> then I ran the same command on another host, the different result was
> given

(...)

> Date: Thu, 31
       ^^^^^^^ ??

Indeed, the latter output seems to be broken as if had been unexpectedly
interrupted. How did you manage to stop the capture in both cases? Ctrl
+C? :-?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] pan.2011.03.31.15.54.47@gmail.com" target="_blank">http://lists.debian.org/[🔎] pan.2011.03.31.15.54.47@gmail.com